Security at eero — announcing our Coordinated Disclosure Program

At eero, we realize that our users depend on us to develop secure products that keep their home networks safe, and to offer services that protect the security and privacy of everyone in their homes. We wanted to remind everyone of the security features that we’ve been building and improving since day one, and to announce our Coordinated Disclosure Program, which lets us identify and fix security issues more quickly and effectively than ever before.

Layered security testing

Even though you might not hear about every hack, they’re out there. A quick search online for vulnerabilities in home WiFi network equipment this year turns up a series of articles describing how entire product lines contain multiple. With eero’s automatic updates and constant security testing, we’re confident that any security updates you need will reach you before the bad guys find out about them.

Since the beginning, we’ve worked with third-party hacking companies (‘penetration testers’) to test the security of eero. We give these companies our devices and our software, and a team of world-class security experts will look for ways to break in. These tests usually find some vulnerabilities for us to fix — that’s what we want to see, so we know the testing is working. Security and attacks are evolving rapidly, so we’re always expecting to find something new, but it means we can catch these things before they reach any eero users. This is really valuable testing, but there’s only so much these companies can do in a fixed period of time.

Working with every security researcher on the planet

That’s why today we’re announcing the launch of our Coordinated Disclosure Program. The program gives everyone in the world a way to report issues with eero and eero Plus, with a consistent set of rules, and a couple of ways to thank hackers for working with us.

In the security community, it’s standard practice for security researchers to write up the details of the issues they find in websites and products. Sometimes the authors of software get an early warning and a chance to fix the issue, and sometimes they don’t. By launching this program, eero is committing to a consistent and predictable set of rules for reporting security issues directly. We’ve always accepted reports via our security contact address, and now we’re making the process easier for everyone.

With our partners at Bugcrowd, bugs can be reported to eero’s security team through the Bugcrowd bug management platform. This puts security researchers in direct contact with our security team to work through any problems and fixes as efficiently as possible, and means researchers are kept up-to-date on the current status of any issues they report to us. Those participating in Bugcrowd’s program are rewarded with points that provide some perks, and eero will be providing some eero swag as tokens of our appreciation. Learn more on our Bugcrowd page.

We’re looking forward to engaging even more closely with the security community to make sure that everything we provide to eero users is as secure as it can be, which makes everyone safer online. Of course, we continue to work privately with professional security experts while we design, build, and test eero products and services, and that won’t change. The Coordinated Disclosure Program is just another way we’ll keep working to improve eero to make it better and safer all the time.

eero’s layers of security

Security, whether it’s physical security, your home network, or your browsing activity online, works best in layers. If you want to protect the world’s most valuable diamond, you don’t just put it behind a locked door — you put it behind three doors, five locks, security cameras, a laser grid, and a team of security guards. This is true of our layers of security testing and it can – and should – be true of your network security.

Your wireless network is protected by eero’s regular security updates, network firewall, the most secure wireless encryption standards available, and the most secure configuration options out-of-the-box — we don’t support older, insecure options. All of these things work to keep unwelcome guests off of your network, whether they’re trying to join via wireless, or trying to gain access from the Internet.

With eero Plus, you get an additional layer of protection while you’re browsing the Internet: websites are automatically checked against a constantly updated list of malicious sites, and sites we don’t know are checked in real time while you browse. Kids get another layer of protection through the improvements in Family Profiles for eero Plus users, with content filtering based on category.

The eero Security team is working tirelessly to keep our own systems secure. eero networks adapt to challenging conditions and can resolve problems on their own — features you probably don’t even notice because they’re always working in the background. We make sure that the eero software we build is protected from tampering, and that any network data we use to keep the magic flowing is protected from hackers, as well as from the accidental data leaks that keep making headlines.

Add your own layers of security

With eero’s Network Security and eero Plus, we’ve added the doors and locks, but they only work if they’re not left open. If you follow our blog, we’ll keep you up-to-date on some of the latest hacks affecting home internet users, and tips for how to protect yourself online.

Online threats are always evolving, and we’re constantly working to update the features of eero and eero Plus to stay on top of them.